Many years ago I was responsible for adding the 'qemu_acl' type and associated HMP commands. Looking back at it now, it is quite a poor facility with a couple of bad limitations. First, the responsibility for creating the ACLs was left with the QEMU network service (the VNC server was the only thing ever doing it). This meant you could not share ACLs across multiple services. Second, there was no way to populate ACLs on the command line; you had no choice but to use the HMP commands. Third, the API was hardcoded around the idea of an in-QEMU implementation, leaving no scope for plugging in alternative implementations backed by, for example, LDAP or PAM.

This series introduces a much better authorization API design to QEMU that addresses all these problems, and maintains back compatibility. It of course is based on the QOM framework, so that immediately gives us the ability to create objects via the CLI, HMP or QMP. There is an abstract base class "QAuthZ" which defines the basic API for QEMU network services to use, and a specific implementation "QAuthZSimple" which replicates the functionality of 'qemu_acl'. It is thus possible to add other impls, without changing any other part of QEMU in the future. Finally, the user is responsible for creating the ACL objects, so they can have one ACL associated with all their TLS enabled network services.

There was only one small problem with this, specifically the -object CLI arg and HMP 'object_add' command had no way to let the user specify non-scalar properties for objects. E.g. if an object had a property which is a list of structs, you are out of luck if you want to create it without using QMP.

Thus the first three patches do some work around QAPI / QOM to make it possible to specify non-scalar properties with the -object CLI arg and HMP 'object_add' command. See the respective patches for illustration of the syntax used.

The patches 4 and 5 introduce the new base class and specific implementation.

Patch 6 kills the old qemu_acl code, updating any existing callers of it to use the QAuthZSimple QOM class instead.

Patches 7-10 add support for associating ACLs with the network services supporting TLS encryption (NBD, chardev and VNC).

Aside from the outstanding migration TLS patches, this series wraps up the feature based work I have for TLS in this release cycle.

Changed in v3:

 - Created separate qdict_list_size method (Max)
 - Added unit tests for case of empty dict (Max)
 - Fix variable names to use underscore separator (Max)
 - Fix potential free of uninitialized variables (Max)
 - Use QObject APIs for casts, instead of C type casts (Max)

Changed in v2:

 - Adapt to changes in qapi visitor APIs
 - Add a 'bool recursive' flag to qdict_crumple (Max)
 - Fix memory leaks in qdict_crumple (Max)
 - Split out key splitting code from qdict_crumple (Max)
 - Use saner variable names in qdict_crumple (Max)
 - Added some tests for bad inputs to qdict_crumple

Daniel P. Berrange (10):
  qdict: implement a qdict_crumple method for un-flattening a dict
  qapi: allow QmpInputVisitor to auto-cast types
  qom: support arbitrary non-scalar properties with -object
  util: add QAuthZ object as an authorization base class
  util: add QAuthZSimple object type for a simple access control list
  acl: delete existing ACL implementation
  qemu-nbd: add support for ACLs for TLS clients
  nbd: allow an ACL to be set with nbd-server-start QMP command
  chardev: add support for ACLs for TLS clients
  vnc: allow specifying a custom ACL object name

 MAINTAINERS                      |   7 +
 Makefile                         |   9 +-
 Makefile.objs                    |   2 +
 Makefile.target                  |   2 +
 blockdev-nbd.c                   |  10 +-
 crypto/tlssession.c              |  28 +++-
 hmp.c                            |  20 +--
 include/qapi/qmp-input-visitor.h |   3 +
 include/qapi/qmp/qdict.h         |   1 +
 include/qemu/acl.h               |  74 ----------
 include/qemu/authz-simple.h      | 107 ++++++++++++++
 include/qemu/authz.h             |  81 +++++++++++
 monitor.c                        | 161 +++++++++++++--------
 qapi-schema.json                 |   8 +-
 qapi/block.json                  |   4 +-
 qapi/qmp-input-visitor.c         |  96 +++++++++++--
 qapi/util.json                   |  31 ++++
 qemu-char.c                      |  11 +-
 qemu-nbd.c                       |  13 +-
 qemu-nbd.texi                    |   4 +
 qmp-commands.hx                  |   2 +-
 qobject/qdict.c                  | 267 +++++++++++++++++++++++++++++++++++
 qom/object_interfaces.c          |  20 ++-
 tests/.gitignore                 |   1 +
 tests/Makefile                   |   5 +-
 tests/check-qdict.c              | 143 +++++++++++++++++++
 tests/check-qom-proplist.c       | 295 ++++++++++++++++++++++++++++++++++++++-
 tests/test-authz-simple.c        | 156 +++++++++++++++++++++
 tests/test-crypto-tlssession.c   |  13 +-
 tests/test-io-channel-tls.c      |  14 +-
 tests/test-qmp-input-visitor.c   | 115 ++++++++++++++-
 ui/vnc-auth-sasl.c               |   2 +-
 ui/vnc-auth-sasl.h               |   4 +-
 ui/vnc.c                         |  76 ++++++++--
 util/Makefile.objs               |   4 +-
 util/acl.c                       | 188 -------------------------
 util/authz-simple.c              | 256 +++++++++++++++++++++++++++++++++
 util/authz.c                     |  46 ++++++
 38 files changed, 1876 insertions(+), 403 deletions(-)
 delete mode 100644 include/qemu/acl.h
 create mode 100644 include/qemu/authz-simple.h
 create mode 100644 include/qemu/authz.h
 create mode 100644 qapi/util.json
 create mode 100644 tests/test-authz-simple.c
 delete mode 100644 util/acl.c
 create mode 100644 util/authz-simple.c
 create mode 100644 util/authz.c

-- 
2.5.0
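
The design described in the cover letter (an abstract authorization base that services call, with a simple ACL as one pluggable backend, and one user-created object shared by several services) can be sketched as follows. This is an added example, not code from the series or from QEMU: every type and function name is hypothetical, and the rule semantics (fnmatch globs, first match wins, default deny) and the sample distinguished names are assumptions made for illustration.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical abstract base: services only ever call authz_is_allowed(). */
typedef struct AuthZ AuthZ;
struct AuthZ { bool (*is_allowed)(const AuthZ *authz, const char *identity); };

static bool authz_is_allowed(const AuthZ *authz, const char *identity)
{
    /* Fail closed: a missing object or missing identity never grants access. */
    if (!authz || !authz->is_allowed || !identity) {
        return false;
    }
    return authz->is_allowed(authz, identity);
}

/* One concrete backend (assumed semantics): ordered glob rules, first match wins. */
typedef struct { const char *match; bool allow; } AuthZRule;
typedef struct {
    AuthZ parent;              /* first member, so the downcast below is valid */
    const AuthZRule *rules;
    size_t nrules;
    bool default_allow;        /* policy when no rule matches */
} AuthZSimple;

static bool authz_simple_is_allowed(const AuthZ *authz, const char *identity)
{
    const AuthZSimple *s = (const AuthZSimple *)authz;
    for (size_t i = 0; i < s->nrules; i++) {
        if (fnmatch(s->rules[i].match, identity, 0) == 0) {
            return s->rules[i].allow;
        }
    }
    return s->default_allow;
}

/* Constructed sample policy: deny the backup hosts, allow the rest of the org. */
static const AuthZRule tls_rules[] = {
    { "CN=backup*,O=Example", false },
    { "CN=*,O=Example", true },
};
static const AuthZSimple tls_acl = {
    .parent = { authz_simple_is_allowed },
    .rules = tls_rules, .nrules = 2, .default_allow = false,
};

/* Two hypothetical services consulting the same user-created object. */
bool vnc_accept(const char *dn) { return authz_is_allowed(&tls_acl.parent, dn); }
bool nbd_accept(const char *dn) { return authz_is_allowed(&tls_acl.parent, dn); }

int main(void) { return vnc_accept("CN=alice,O=Example") ? 0 : 1; }
```

Because the callers depend only on the base interface, a backend with a different `is_allowed` callback could replace `tls_acl` without touching either service.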